Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Email Security Quick-links: ESA Product Support | SMA Product Support | Email Submission and Tracking Portal | Cisco SecurityHub
Current General Deployment (GD) Releases:
ESA: 11.0.0-264 WSA: 10.5.1-296 SMA: 11.0.0-115 Email Plug-in (Reporting): 1.0.1-048 Email Plug-in (Encryption): 1.0.0-036

New Member

Message Filter condition

Hi

Would like to have new filter based on a condition when the field - " header("From") "contains certain words. How can we achieve this?

Appreciate any assistance

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Message Filter condition

From the CLI on the appliance - you will be doing the following:

> filters

Choose the operation you want to perform:

- NEW - Create a new filter.

- DELETE - Remove a filter.

- IMPORT - Import a filter script from a file.

- EXPORT - Export filters to a file

- MOVE - Move a filter to a different position.

- SET - Set a filter attribute.

- LIST - List the filters.

- DETAIL - Get detailed information on the filters.

- LOGCONFIG - Configure log subscriptions used by filters.

- ROLLOVERNOW - Roll over a filter log file.

[]> new

Enter filter script. Enter '.' on its own line to end.

You can see a full run-down of header and message filter scanning options from the Advanced Guide, 6-11:

http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

Header Rule

The header() rule checks the message headers for a specific header, which must be specified quoted in parentheses (“header name”). This rule may be compared to a regular expression, much like the subject rule, or may be used without any comparison, in which case it will be “true” if the header is found in the message, and “false” if it is not found. For example, the following example checks to see if the header X-Sample is found, and if its value contains the string “sample text”. If a match is made, the message is bounced.

You can specify non-ASCII characters to search for in the value of the header.

The following example demonstrates the header rule without a comparison. In this case, if the header X-DeleteMe is found, it is removed from the message.

TimeOutFilter:

if ((date > '07/28/2003 13:00:00') and (mail-from ==

'campaign1@yourdomain\\.com'))

{

bounce();

}

FooHeaderFilter:

if (header('X-Sample') == 'sample text')

{

bounce();

}

DeleteMeHeaderFilter:

if header('X-DeleteMe')

{

strip-header('X-DeleteMe');

}

If you are looking specifically for the "From" header, example would be:

drop_from:

if mail-from == "my.email@spam.com" {

drop();

}

Hope that helps!

-Robert

3 REPLIES
New Member

Message Filter condition

Hi,

You can do that using the Content filters. Following are the steps to be followed -

  1. Go to Mail Policies->Incoming Content Filter
  2. Add a content filter, give a name.
  3. Click on "Add Condition" and select "Envolope Sender" in the left pane
  4. Select the condition and the word of your interest and click "Ok"
  5. Add an action by clicking on "Add Action" and do not forget to submit to save the filter
  6. Next, go to Incoming Mail Policies and enable the newly created content filter

Hope this helps.

Regards

Karthik

Regards Karthik
New Member

Message Filter condition

Looking at message filter using CLI NOT content filters using GUI

Cisco Employee

Re: Message Filter condition

From the CLI on the appliance - you will be doing the following:

> filters

Choose the operation you want to perform:

- NEW - Create a new filter.

- DELETE - Remove a filter.

- IMPORT - Import a filter script from a file.

- EXPORT - Export filters to a file

- MOVE - Move a filter to a different position.

- SET - Set a filter attribute.

- LIST - List the filters.

- DETAIL - Get detailed information on the filters.

- LOGCONFIG - Configure log subscriptions used by filters.

- ROLLOVERNOW - Roll over a filter log file.

[]> new

Enter filter script. Enter '.' on its own line to end.

You can see a full run-down of header and message filter scanning options from the Advanced Guide, 6-11:

http://www.cisco.com/en/US/products/ps10154/products_user_guide_list.html

Header Rule

The header() rule checks the message headers for a specific header, which must be specified quoted in parentheses (“header name”). This rule may be compared to a regular expression, much like the subject rule, or may be used without any comparison, in which case it will be “true” if the header is found in the message, and “false” if it is not found. For example, the following example checks to see if the header X-Sample is found, and if its value contains the string “sample text”. If a match is made, the message is bounced.

You can specify non-ASCII characters to search for in the value of the header.

The following example demonstrates the header rule without a comparison. In this case, if the header X-DeleteMe is found, it is removed from the message.

TimeOutFilter:

if ((date > '07/28/2003 13:00:00') and (mail-from ==

'campaign1@yourdomain\\.com'))

{

bounce();

}

FooHeaderFilter:

if (header('X-Sample') == 'sample text')

{

bounce();

}

DeleteMeHeaderFilter:

if header('X-DeleteMe')

{

strip-header('X-DeleteMe');

}

If you are looking specifically for the "From" header, example would be:

drop_from:

if mail-from == "my.email@spam.com" {

drop();

}

Hope that helps!

-Robert

569
Views
0
Helpful
3
Replies